Rapid7’s mission is to develop simple, innovative solutions for security’s complex challenges. We understand the attacker better than anyone and build that insight into our security software and services.

Complete engagements 45% faster through higher productivity

Penetration testers need to use their valuable expertise efficiently. In a survey of more than 2,000 Metasploit users, Metasploit Pro users said they save 45% of their time on average compared to using Metasploit Framework. Productivity features include:

Leverage the Metasploit open source project and its leading exploit library

Rapid7 manages the Metasploit project, the largest collection of code-reviewed exploits, backed by a community of over 200,000 members.

Leading the Metasploit project gives Rapid7 unique insights into the latest attacker methods and mindset. Rapid7 works with the community to add an average of 1.2 new exploits per day, currently counting more than 1,300 exploits and a total of more than 2,000 modules.

Manage data in large assessments

Conducting an assessment and managing data in networks of over 100 hosts can be challenging.

Metasploit Pro scales to support thousands of hosts per project on engagements. Its robust data management helps you find the needle in your haystack.

Uncover weak and reused credentials

According to the Verizon Data Breach Investigations Report, credentials have become the #1 attack vector for attackers. With Metasploit Pro, you can test your network for weak and reused passwords. Going beyond just cracking operating system accounts, Metasploit Pro can run brute-force attacks against over 20 account types, including databases, web servers, and remote administration solutions.

Evade leading defensive solutions

Create dynamic payloads to evade detection by anti-malware solutions. Metasploit Pro evades leading anti-virus solutions 90% of the time, with no solution detecting all options. Dynamic payloads are seamlessly integrated into exploitation, credentialed log-ins, and phishing and can be used stand-alone. Get past firewalls and IPS using traffic-level evasion techniques.

Control compromised machines and take over the network

Completely take over a machine you have compromised. In the post-exploitation step, you choose from over 200 modules, from stealing credentials and accessing files to installing key loggers and using the web cam.

Post-exploitation macros can automate your preferred steps when a new machine is compromised.

After the first machine, you'll soon own the entire network, especially when you use VPN pivoting to get full local network access.

Automatically generate reports of key findings

Writing reports is often the most frustrating part of the job and takes up to 30% of the time on an assessment.

Automatically record actions and findings from your network and application-layer assessment to save valuable time otherwise spent on cutting and pasting. Generate reports to show your findings and sort them by regulations such as PCI DSS and FISMA.

Vulnerability Validation

After eight months of running Nexpose Enterprise and Metasploit Pro, we had a follow-up compliance audit. In comparison with the previous year, we had reduced risk exposure by more than 98%. That's particularly impressive when you consider the fact that we brought on five new hospitals in that timeframe – it proved that using Metasploit prior to an acquisition made a significant impact. Our current goal is to use Metasploit on all assets on a quarterly basis.

Scott Erven, Manager, Information Security at Essentia Health

Create prioritized closed-loop remediation reports

Deliver closed-loop vulnerability reports that prioritize remediation based on the exploitability of vulnerabilities in your environment.

Metasploit Pro's Vulnerability Validation Wizard greatly simplifies the integration with Rapid7 Nexpose and guides the user through the validation process.

Improve security by prioritizing exploitable vulnerabilities

Find out which vulnerabilities could be exploited by an attacker in your specific environment and therefore pose a risk to your network and should be prioritized for remediation.

In Nexpose, filter reports for validated vulnerabilities so you can focus your remediation efforts on them.

Demonstrate risk exposure to prioritize remediation and get buy-in

When other departments question the validity of scan results, demonstrate that a vulnerability puts systems and data at risk of compromise by simulating an attack. Get quick buy-in for remediation measures and build credibility with stakeholders.

Prove effectiveness of remediation or compensating controls to auditors

Verify that remediations or compensating controls implemented to protect systems are operational and effective. Create vulnerability exceptions based on hard evidence that easily pass your next audit.

Assess overall user awareness and deliver targeted training

Measure conversion rates at each step in the phishing campaign funnel, such as how many people clicked through a phishing email, how many entered username and password on a cloned website, and how many systems were compromised.

Get advice on how to address risk at each step in the social engineering funnel. When users take a dangerous action, they can be redirected to a training site on the spot.

Test the effectiveness of security controls

Measure the effectiveness of technical controls such as anti-malware solutions and URL blockers in addition to user awareness.